requirements-engineer

Pass

Audited by Gen Agent Trust Hub on Apr 28, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: No malicious patterns, prompt injections, or unauthorized command executions were detected. The skill provides a structured role-based configuration for software development requirements gathering.
  • [DATA_EXFILTRATION]: No sensitive file access, credential harvesting, or unauthorized network operations were identified. External links in the metadata point to the author's official GitHub Pages site.
  • [REMOTE_CODE_EXECUTION]: No remote script downloads or installations of untrusted dependencies were found. Mentions of load testing tools like 'k6' are provided as illustrative examples for non-functional requirement verification and are not executed by the skill code.
  • [INDIRECT_PROMPT_INJECTION]: The skill ingests user-supplied problem descriptions to generate requirements and work items. This ingestion is standard for the skill's purpose and does not involve high-risk capability chains.
  • Ingestion points: User descriptions of business needs in the SKILL.md workflow.
  • Boundary markers: Absent.
  • Capability inventory: Tools for creating and planning work items (e.g., github-issues-planning).
  • Sanitization: Absent.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 28, 2026, 06:02 PM
Security Audit — agent-trust-hub — requirements-engineer